Diffstat (limited to 'debian/open-infrastructure-dehydrated-tools.postinst')
-rwxr-xr-x | debian/open-infrastructure-dehydrated-tools.postinst | 370 |
1 files changed, 370 insertions, 0 deletions
diff --git a/debian/open-infrastructure-dehydrated-tools.postinst b/debian/open-infrastructure-dehydrated-tools.postinst
new file mode 100755
index 0000000..3eb3a04
--- /dev/null
+++ b/debian/open-infrastructure-dehydrated-tools.postinst
@@ -0,0 +1,370 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+CONFFILE="/etc/dehydrated/conf.d/config.sh"
+
+Install ()
+{
+ DEFAULT="${1}"
+ TARGET="${2}"
+
+ mkdir -p "${DEFAULT}" > /dev/null 2>&1 || true
+ mkdir -p "${TARGET}" > /dev/null 2>&1 || true
+
+ if [ "${TARGET}" != "${DEFAULT}" ]
+ then
+ if [ -h "${DEFAULT}" ]
+ then
+ rm -f "${DEFAULT}"
+ ln -s "${TARGET}" "${DEFAULT}"
+ else
+ if [ -e "${DEFAULT}" ] && [ -z "$(ls -A ${DEFAULT})" ]
+ then
+ rmdir "${DEFAULT}"
+ ln -s "${TARGET}" "${DEFAULT}"
+ elif [ -n "$(ls -A ${DEFAULT})" ] && [ -z "$(ls -A ${TARGET})" ]
+ then
+ rmdir "${TARGET}"
+ mv "${DEFAULT}" "${TARGET}"
+ ln -s "${TARGET}" "${DEFAULT}"
+ fi
+ fi
+ fi
+
+ if ! dpkg-statoverride --list "${DEFAULT}" > /dev/null 2>&1 &&
+ ! dpkg-statoverride --list "${TARGET}" > /dev/null 2>&1
+ then
+ if getent group ssl-cert > /dev/null 2>&1
+ then
+ GROUP="ssl-cert"
+ else
+ GROUP="root"
+ fi
+
+ chmod 0770 "${TARGET}"
+ chown root:"${GROUP}" "${TARGET}"
+
+ chmod 0770 "${DEFAULT}"
+ chown root:"${GROUP}" "${DEFAULT}"
+ fi
+}
+
+case "${1}" in
+ configure)
+ db_get open-infrastructure-dehydrated-tools/ca
+ CA="${RET}" # select
+
+ db_get open-infrastructure-dehydrated-tools/auto-cleanup
+ AUTO_CLEANUP="${RET}" # boolean
+
+ db_get open-infrastructure-dehydrated-tools/challengetype
+ CHALLENGETYPE="${RET}" # select
+
+ db_get open-infrastructure-dehydrated-tools/contact-email
+ CONTACT_EMAIL="${RET}" # string (w/ empty)
+
+ db_get open-infrastructure-dehydrated-tools/key-algo
+ KEY_ALGO="${RET}" # select
+
+ db_get open-infrastructure-dehydrated-tools/ocsp-fetch
+ OCSP_FETCH="${RET}" # boolean
+
+ db_get open-infrastructure-dehydrated-tools/ocsp-must-staple
+ OCSP_MUST_STAPLE="${RET}" # boolean
+
+ db_get open-infrastructure-dehydrated-tools/preferred-chain
+ PREFERRED_CHAIN="${RET}" # string w/ empty
+
+ db_get open-infrastructure-dehydrated-tools/hooks
+ HOOKS="${RET}" # multi-select (w/ empty)
+
+ db_get open-infrastructure-dehydrated-tools/basedir
+ NEW_BASEDIR="${RET}" # string (w/o empty)
+
+ db_get open-infrastructure-dehydrated-tools/domains
+ DOMAINS="${RET}" # string (w/ empty)
+
+ db_get open-infrastructure-dehydrated-tools/tsig
+ TSIG="${RET}" # string (w/ empty)
+
+ db_get open-infrastructure-dehydrated-tools/register
+ REGISTER="${RET}" # boolean
+
+ db_get open-infrastructure-dehydrated-tools/run
+ RUN="${RET}" # boolean
+
+ db_stop
+
+ case "${AUTO_CLEANUP}" in
+ true)
+ AUTO_CLEANUP="yes"
+ ;;
+
+ false)
+ AUTO_CLEANUP="no"
+ ;;
+ esac
+
+ case "${OCSP_FETCH}" in
+ true)
+ OCSP_FETCH="yes"
+ ;;
+
+ false)
+ OCSP_FETCH="no"
+ ;;
+ esac
+
+ case "${OCSP_MUST_STAPLE}" in
+ true)
+ OCSP_MUST_STAPLE="yes"
+ ;;
+
+ false)
+ OCSP_MUST_STAPLE="no"
+ ;;
+ esac
+
+ HOOK="/usr/bin/dehydrated-hook"
+
+ if [ ! -e "${CONFFILE}" ]
+ then
+
+cat > "${CONFFILE}" << EOF
+# /etc/dehydrated/conf.d/config.sh
+
+AUTO_CLEANUP="${AUTO_CLEANUP}"
+CA="${CA}"
+CHALLENGETYPE="${CHALLENGETYPE}"
+CONTACT_EMAIL="${CONTACT_EMAIL}"
+HOOK="${HOOK}"
+KEY_ALGO="${KEY_ALGO}"
+OCSP_FETCH="${OCSP_FETCH}"
+OCSP_MUST_STAPLE="${OCSP_MUST_STAPLE}"
+PREFERRED_CHAIN="${PREFERRED_CHAIN}"
+EOF
+
+ fi
+
+ cp -a -f "${CONFFILE}" "${CONFFILE}.tmp"
+
+ # If the admin deleted or commented some variables but then set
+ # them via debconf, (re-)add them to the config file.
+
+ test -z "${AUTO_CLEANUP}" || \
+ grep -Eq '^ *AUTO_CLEANUP=' "${CONFFILE}" || \
+ echo "AUTO_CLEANUP=" >> "${CONFFILE}"
+
+ test -z "${CA}" || \
+ grep -Eq '^ *CA=' "${CONFFILE}" || \
+ echo "CA=" >> "${CONFFILE}"
+
+ test -z "${CHALLENGETYPE}" || \
+ grep -Eq '^ *CHALLENGETYPE=' "${CONFFILE}" || \
+ echo "CHALLENGETYPE=" >> "${CONFFILE}"
+
+ test -z "${CONTACT_EMAIL}" || \
+ grep -Eq '^ *CONTACT_EMAIL=' "${CONFFILE}" || \
+ echo "CONTACT_EMAIL=" >> "${CONFFILE}"
+
+ test -z "${HOOK}" || \
+ grep -Eq '^ *HOOK=' "${CONFFILE}" || \
+ echo "HOOK=" >> "${CONFFILE}"
+
+ test -z "${KEY_ALGO}" || \
+ grep -Eq '^ *KEY_ALGO=' "${CONFFILE}" || \
+ echo "KEY_ALGO=" >> "${CONFFILE}"
+
+ test -z "${OCSP_FETCH}" || \
+ grep -Eq '^ *OCSP_FETCH=' "${CONFFILE}" || \
+ echo "OCSP_FETCH=" >> "${CONFFILE}"
+
+ test -z "${OCSP_MUST_STAPLE}" || \
+ grep -Eq '^ *OCSP_MUST_STAPLE=' "${CONFFILE}" || \
+ echo "OCSP_MUST_STAPLE=" >> "${CONFFILE}"
+
+ test -z "${PREFERRED_CHAIN}" || \
+ grep -Eq '^ *PREFERRED_CHAIN=' "${CONFFILE}" || \
+ echo "PREFERRED_CHAIN=" >> "${CONFFILE}"
+
+ sed -e "s|^ *AUTO_CLEANUP=.*|AUTO_CLEANUP=\"${AUTO_CLEANUP}\"|" \
+ -e "s|^ *CA=.*|CA=\"${CA}\"|" \
+ -e "s|^ *CHALLENGETYPE=.*|CHALLENGETYPE=\"${CHALLENGETYPE}\"|" \
+ -e "s|^ *CONTACT_EMAIL=.*|CONTACT_EMAIL=\"${CONTACT_EMAIL}\"|" \
+ -e "s|^ *HOOK=.*|HOOK=\"${HOOK}\"|" \
+ -e "s|^ *KEY_ALGO=.*|KEY_ALGO=\"${KEY_ALGO}\"|" \
+ -e "s|^ *OCSP_FETCH=.*|OCSP_FETCH=\"${OCSP_FETCH}\"|" \
+ -e "s|^ *OCSP_MUST_STAPLE=.*|OCSP_MUST_STAPLE=\"${OCSP_MUST_STAPLE}\"|" \
+ -e "s|^ *PREFERRED_CHAIN=.*|PREFERRED_CHAIN=\"${PREFERRED_CHAIN}\"|" \
+ < "${CONFFILE}" > "${CONFFILE}.tmp"
+
+ mv -f "${CONFFILE}.tmp" "${CONFFILE}"
+
+ for HOOK in $(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)
+ do
+ if [ -L "/etc/dehydrated/hook.d/${HOOK}" ]
+ then
+ rm -f "/etc/dehydrated/hook.d/${HOOK}"
+ fi
+ done
+
+ if [ -n "${HOOKS}" ]
+ then
+ HOOKS="$(echo ${HOOKS} | sed -e 's|,| |g')"
+
+ if echo "${HOOKS}" | grep -qs "ALL"
+ then
+ HOOKS="$(cd /usr/share/dehydrated/hooks && find -maxdepth 1 -not -type d -printf '%P\n' | sort)"
+ fi
+
+ for HOOK in ${HOOKS}
+ do
+ if [ ! -e "/etc/dehydrated/hook.d/${HOOK}" ] && [ -e "/usr/share/dehydrated/hooks/${HOOK}" ]
+ then
+ ln -sf "/usr/share/dehydrated/hooks/${HOOK}" "/etc/dehydrated/hook.d/${HOOK}"
+ fi
+ done
+ fi
+
+ for FILE in /etc/dehydrated/config /etc/dehydrated/conf.d/*.sh
+ do
+ if [ -e "${FILE}" ]
+ then
+ . ${FILE} || true
+ fi
+ done
+
+ if [ -n "${NEW_BASEDIR}" ] && [ "${BASEDIR}" != "${NEW_BASEDIR}" ]
+ then
+ rmdir "${BASEDIR}/acme-challenges" > /dev/null 2>&1 || true
+ Install "${BASEDIR}" "${NEW_BASEDIR}"
+ mkdir -p "${BASEDIR}/acme-challenges"
+ fi
+
+ if [ -n "${DOMAINS}" ] && [ "${DOMAINS}" != "none" ]
+ then
+ rm -f /etc/dehydrated/domains.txt
+
+ GROUPS="$(echo ${DOMAINS} | sed -e 's/ /#/g' -e 's/|/ /g')"
+
+ for GROUP in ${GROUPS}
+ do
+ DOMAINS="$(echo ${GROUP} | sed -e 's/#/ /g' -e 's/^ //g')"
+
+ echo "${DOMAINS}" >> /etc/dehydrated/domains.txt
+ done
+ fi
+
+ if [ -n "${TSIG}" ]
+ then
+ case "${TSIG}" in
+ http*)
+ # tsig is a URL
+ echo -n "Downloading tsig.key from '${TSIG}'..."
+
+ if command -v wget -q "${TSIG}" -O /dev/null > /dev/null 2>&1
+ then
+ rm -f /etc/dehydrated/tsig.key
+
+ wget -q "${TSIG}" -O /etc/dehydrated/tsig.key
+ chmod 0600 /etc/dehydrated/tsig.key
+
+ TSIG_FILE="/etc/dehydrated/tsig.key"
+ elif command -v curl -s "${TSIG}" -o /dev/null > /dev/null 2>&1
+ then
+ rm -f /etc/dehydrated/tsig.key
+
+ curl -s "${TSIG}" -o /etc/dehydrated/tsig.key
+ chmod 0600 /etc/dehydrated/tsig.key
+
+ TSIG_FILE="/etc/dehydrated/tsig.key"
+ else
+ echo
+ echo "W: need wget or curl" >&2
+ fi
+
+ if [ -n "${TSIG_FILE}" ]
+ then
+ echo " done."
+ fi
+ ;;
+
+ *:*)
+ # tsig is a string
+ echo "${TSIG}" > /etc/dehydrated/tsig.key
+ chmod 0600 /etc/dehydrated/tsig.key
+
+ TSIG_FILE="/etc/dehydrated/tsig.key"
+ ;;
+
+ */*)
+ # tsig is a path
+ TSIG_FILE="${TSIG}"
+ ;;
+
+ *)
+ echo "'${TSIG}' is neither a valid tsig nor a path to an existing file - ignoring"
+ ;;
+ esac
+ fi
+
+ if [ -n "${TSIG_FILE}" ]
+ then
+ DEFAULT_FILE="/etc/default/dehydrated-nsupdate"
+
+ if [ ! -e "${DEFAULT_FILE}" ]
+ then
+
+cat > "${DEFAULT_FILE}" << EOF
+# ${DEFAULT_FILE}
+
+TSIG_KEYFILE="${TSIG_FILE}"
+EOF
+
+ fi
+
+ cp -a -f "${DEFAULT_FILE}" "${DEFAULT_FILE}.tmp"
+
+ # If the admin deleted or commented some variables but then set
+ # them via debconf, (re-)add them to the config file.
+
+ test -z "${TSIG_FILE}" || \
+ grep -Eq '^ *TSIG_KEYFILE=' "${DEFAULT_FILE}" || \
+ echo "TSIG_KEYFILE=" >> "${DEFAULT_FILE}"
+
+ sed -e "s|^ *TSIG_KEYFILE=.*|TSIG_KEYFILE=\"${TSIG_FILE}\"|" \
+ < "${DEFAULT_FILE}" > "${DEFAULT_FILE}.tmp"
+
+ mv -f "${DEFAULT_FILE}.tmp" "${DEFAULT_FILE}"
+ fi
+
+ case "${REGISTER}" in
+ true)
+ dehydrated --register --accept-terms
+ ;;
+ esac
+
+ case "${RUN}" in
+ true)
+ dehydrated --cron --keep-going
+ ;;
+ esac
+
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`${1}'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0 |
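Review bot: The `http*)` arm of the `${TSIG}` case accepts plain `http://` URLs and lets wget/curl create /etc/dehydrated/tsig.key under the inherited umask, with `chmod 0600` only afterwards, so the shared secret can cross the network in cleartext and may sit on disk with wider permissions for a moment. The guards `command -v wget -q "${TSIG}" -O /dev/null` and its curl twin read as if they probed the URL, but `command -v` only looks up names and downloads nothing; `command -v wget` is the check that is actually needed. The `*:*` arm has the same write-then-chmod ordering, and the existing key is removed before the download is known to have succeeded. The sketch below rejects cleartext URLs explicitly (otherwise they would fall through to the `*:*` arm), creates the file under `umask 077`, and replaces the old key only after a non-empty download.

```shell
			http://*)
				# refuse cleartext transport for a shared secret
				echo "W: refusing to fetch tsig.key over plain http" >&2
				;;

			https://*)
				# tsig is a URL
				echo -n "Downloading tsig.key from '${TSIG}'..."

				# private from creation on, not only after a later chmod
				OLD_UMASK="$(umask)"
				umask 077

				if command -v wget > /dev/null 2>&1
				then
					wget -q "${TSIG}" -O /etc/dehydrated/tsig.key.tmp
				elif command -v curl > /dev/null 2>&1
				then
					curl -s -f "${TSIG}" -o /etc/dehydrated/tsig.key.tmp
				else
					echo
					echo "W: need wget or curl" >&2
				fi

				umask "${OLD_UMASK}"

				# keep the previous key unless a non-empty replacement arrived
				if [ -s /etc/dehydrated/tsig.key.tmp ]
				then
					mv -f /etc/dehydrated/tsig.key.tmp /etc/dehydrated/tsig.key
					TSIG_FILE="/etc/dehydrated/tsig.key"
					echo " done."
				fi
				;;

			# … unchanged: '*:*', '*/*' and default arms …
```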